WAScan – web application security scanner in Kali Linux

WAScan stands for Web Application Scanner. It is an open-source web application vulnerability scanner. The tool uses the technique of black-box to find various vulnerabilities. This technique will not scan the whole source code of a web application but work like a fuzzer Which means it scans the pages of the whole website or web application. This tool extracts links and forms of the web application and scans one by one to find vulnerabilities. 

Wascan provides a powerful environment in which open source web-based reconnaissance can be conducted and you can gather all information about the target. This tool is written in python language you must have python language installed in your kali Linux operating system.

Installation:

Step 1: Use the following command to install the tool in your kali Linux operating system.

git clone https://github.com/m4ll0k/WAScan.git wascan

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd WAScan

Step 3: You are in the directory of the WAScan. Now you have to install a dependency of the WAScan using the following command.

pip install BeautifulSoup

Step 4: All the dependencies have been installed in your kali Linux operating system. Now use the following command to run the tool.

python wascan.py

The wascan tool has been downloaded and installed successfully. Now we will see examples to use the tool.

Usages:

Example 1: Use the wascan to scan a domain for fingerprints/footprints.

python wascan.py --url <domain> --scan 0

Example 2: Use the wascan to scan a domain for attacks.

python wascan.py --url <domain> --scan 1